I read two bits of troubling news this week concerning Google. One deals directly with the security of its Android mobile operating system. The other comes from the company, and illustrates just how dangerous the Web remains.
PCWorld and other sites report that Google is expanding its twice-yearly transparency reports, which to this point provide a good deal of information about Web-related things other than security. The new reporting focuses on security-related metrics collected from Google’s Safe Browsing technology. According to the story, the seven-year-old service assesses billions of URLs daily to ferret out risky sites.
The results are sobering. As of mid-June, the program identified almost 42,000 malware sites per week. It found about 26,000 phishing sites. More than 88 million warnings were delivered to users during the week of June 16.
Mobility represents an especially threatening part in this dangerous landscape. Juniper Networks’ third annual Mobile Threats Report found that overall, mobile malware grew 614 percent between March 2012 and March 2013. The total number of malicious apps at the end of that period was 276,259. Android, Juniper’s Mobile Threat Center found, is the focal point of this vulnerability:
Additionally, it is clear from developments in the threat landscape that malware writers are increasingly behaving like profit-motivated businesses when designing new attacks and malware distribution strategies. Attackers are maximizing their return on investment by focusing 92 percent of all MTC detected threats at Android, which has a commanding share of the global smartphone market.
Other facts about Android security reported in the release buttress the common thread that both the operating system and the way apps built on it are distributed are dangerous. The bottom line is that Android’s open nature and business model make its security issues structural and insidious.
The proliferating number of available versions of Android leads to a scenario in which the latest, and presumably most secure, is not widely used. InfoWorld, in its coverage of Juniper’s MTC report, said that three-quarters of the threats to the OS are malicious apps that send SMS messages to premium rate numbers. These, the story said, would be mitigated by use of Android 4.2 (Jelly Bean). Unfortunately, only 4 percent of devices have updated to the six-month-old version of Android.
Those using Android should protect their devices. Phones Review offers a nice and up-to-date rundown of tools that can help. The story links to software from Norton, McAfee, Lookout, Privacy Master, Smart AppLock, AVG’s Mobile AntiVirus Security PRO, APP Lock, Antivirus and Mobile Security from TrustGo, Bitdefender’s Clueful Privacy Advisor and NQ Mobile Security & Antivirus.